"sysquery" error

[Joseph S D Yao]

On Wed, Dec 13, 2000 at 09:01:52PM -0600, Larry Sheldon wrote:
> This is the first time (as far as I can remember--certainly the first
> time I have understood) the harm that might be done.  As I said, I've
> tried listing them all, listing only the registered ones, and most
> of the numerically possible combinations in between.

Suggestion: limit yourself to two at your site that are unlikely to be
down at the same time.  Have the off-site three treat both as
"masters".  List all 5 in NS records.  Make sure that the eduNIC has
the exact same information (the 5).

> I'm not sure what the "In fact . . . " sentence is saying.  I am of the
> opinion that every machine that will support a name server along with
> what ever it does for a living is a happier machine and its neighbors
> on the network will be happier about it as well (especially for the
> machines whose work is mostly intra-domain).  Am I wrong there
> too?  And I'll need some help understanding that as well.

There are Organisations that require that a name server machine run no
other network services.  This is to prevent a name server from being
subverted by the machine being "owned" by a hacker/cracker coming in
via another service.  While these Organisations are in the business of
being professionally paranoid, there is some benefit in considering
this scenario.

Machines running unlisted name servers to cache lookups for their own
benefit are another matter.  They may or may not be helpful.  It
depends on whether the pain of doing a network lookup is slower than
the slowdown induced by having a memory hog like 'named' co-resident in
memory.  Often the network lookup can be faster!

-- 
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.